As I noted a few weeks ago, Senators Jay Rockefeller (D-W.Va.), Olympia Snowe (R-Maine) and Bill Nelson (D-Fla.) were drafting new cybersecurity legislation. Last week the Senators introduced two bills. The first, S.778 (text of the bill not yet available), would establish an Office of National Security Advisor within the Executive Office of the President. The second, S.773 (text of the bill not yet available), entitled the Cybersecurity Act of 2009, gives the President the power to limit or shut down Internet traffic to and from any federal government or United States infrastructure network. The other provisions of the legislation are summarized in my previous post.
Whether the legislation has any chance of passing remains to be seen. However, some groups are already criticizing aspects of the legislation. The President of the Center for Democracy and Technology, for example, has stated "[t]he cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy." The bills have been referred to the Committee on Homeland Security and Government Affairs.
Links:
- A draft of S.778 (.pdf)
- A draft of S.773 (.pdf)
- The CDT’s post on the legislation can be found here.
- April 6, 2009 Computerworld Article: "Yet Another Government Attempt At Cybersecurity"
On the surface, the recent attention to cybersecurity sounds laudable.
However, I believe it is in part meant to pave the way for passage of S.773 ( http://tinyurl.com/d8o345 ) which will allow President and Secretary of Commerce to
a) define and re-define the “critical cyber infrastructure” and
b) “have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access.” (Sec 14. Public-Private Clearinghouse).
This is much more than just “turning off the internet” when the President wants to. This is invasion of privacy.
If U.S. citizens value corporate or personal privacy, they should write your congress-person(s) and demand this bill be defeated and recognize the risks of the allure of the “cybersecurity” rhetoric.